HTB Retired Machine: Sense (OpenBSD — Easy)

Daniel Schwarzentraub
Feb 21, 2024

We will start off with an nmap scan

Now we will run a service scan

If we browse to the IP, we see a login page

Looking at the HTML source code we find out that this is a pfSense login page

Default credentials do not allow us in

I tried running feroxbuster but was getting some errors, so I decided to try using dirsearch

Navigating to the changelog, we find that this version of the software has some vulnerabilities

Not sure if this means anything, but placing here for documentation purposes

Got feroxbuster to work. Looking at their documentation, I needed the -k flag for insecure

Feroxbuster is taking way too long, unfortunately

I’ll use dirbuster with the medium wordlist

Navigating to system-users.txt we find login instructions

Username: rohit

Password: pfsense

Running searchsploit “pfsense 2.1”, we only find 2 exploits (1 that seems worth looking into)

Let’s download the Command Injection one

Catting out the file, we find a few flags we need to set

Let’s set the parameters and run the script

User.txt

Answer: 8721327cc232073b40d27d9c17e7348b

Root.txt

Answer: d08c32a5d4f8c8b10e76eb51a69f1a86
